Computer Security
[EN] securityvulns.ru




24.02.2012
Detailed
 libxmls library DoS
document Predictable hash function collisions lead to resource exhaustion.
  


22.02.2012
Detailed
7!libpng integer overflow
document Integer overflow on PNG parsing leads to heap buffer overflow.
6!Cisco Nexus switches DoS
document Crash on IP filtering.
6!libvorbis library buffer overflow
document Heap buffer overflow on ogg files parsing.
 Debian debdiff multiple security vulnerabilities
document Information leakage, code execution.
 ELBA multiple security vulnerabilities
document DoS, information leakage, SQL injection.
 mumble weak permissions
document Weak permissions for configuration files.
 PHP code execution
document filter_globals structure is not cleaned under some conditions.
 Skype memory corruption
document Memory corruption on file transfer.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 Mercurycom MR804 router buffer overflow
document Buffer overflow on HTTP request headers parsing.
  


16.02.2012
Detailed
8!Adobe Shockwave Player multiple security vulnerabilities
document Buffer overflow, multiple memory corruptions.
6!FreePBX information leakage
document It's possible to obtain extension passwords via gen_amp_conf.php.
  


15.02.2012
Detailed
7!Linux kernel multiple security vulnerabilities
document File systems privilege escalation, /proc privilege escalation, IGMP DoS.
 Microsoft Visio Viewer multiple security vulnerabilities
document Multiple memory corruptions on VSD files parsing.
 Microsoft SharePoint multiple XSS
document XSS in different pages.
 Skype information leakage
document Locally deleted messages are only marked as deleted, without wiping or squeezing the database.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 15.02.2012
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 HP Network Automation unauthorized access
document 
 Mutant 200s tuner directory traversal
document Directory traversal in embedded web server.
 Nomachine NX Web Companion code spoofing
document client.zip file is downloaded without signature check.
 EMC RSA enVision information leakage
document It's possible to obtain environment variables values.
  


14.02.2012
Detailed
7!Mozilla Firefox / Thunderbird / Seamonkey use-after-free
document nsXBLDocumentInfo::ReadPrototypeBindings use-after-free.
6!Yahoo! Messenger buffer overflow
document Buffer overflow on file transfer.
6!apr / aws libraries DoS
document Resource consumption because of collisions in a hash function.
 D-Link DIR-601 directory traversal
document TFTP server directory traversal.
  


13.02.2012
Detailed
8!Adobe Acrobat / Reader multiple security vulnerabilities
updated since 21.01.2012
document Code execution, multiple memory corruptions.
6!sudo format string vulnerability
document Format string vulnerability on logging.
6!CA Total Defense multiple security vulnerabilities
document SQL injection, information leakage.
6!EMC Networker buffer overflow
document Buffer overflow on RPC request parsing in indexd.exe
 Wireshark multiple security vulnerabilities
document LANalyzer buffer overflow, DoS.
 bip security vulnerabilities
document DoS, buffer overflow.
 HP Data Protector Media Operations integer overflow
document DBServer.exe integer overflow.
 D-Link ShareCenter security vulnerabilities
document Authentication bypass, information leakage.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
 IBM ActiveX multiple security vulnerabilities
document SPSS and Rational Rhapsody ActiveX multiple security vulnerabilities.
 Novell iPrint buffer overflow
document Buffer overflow on TCP/631 request parsing.
 EMC Documentum Content Server privilege escalation
document System administrator can elevate privileges to super-user.
  


12.02.2012
Detailed
 CVS client buffer overflow
document Heap buffer overflow on server response parsing.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  


08.02.2012
Detailed
6!Linux privilege escalation
document Under some conditions, mem_write allows overwriting process memory.
6!PHP security vulnerabilities
updated since 19.12.2011
document Reading outside allocated memory on JPEG exif headers parsing. CPU exhaustion because of predictable hash collisions for form data.
 Opera array index overflow
document Integer overflows in array functions.
 EMC Documentum xPlore information leakage
document Under specific circumstances, an authenticated user who does not have BROWSE permission on the object may be able to see the existence of, or certain metadata on, that object in a search result.
 Mathopd directory traversal
document 
 QEMU buffer overflow
document Buffer overflow in network card emulation.
 curl data injection
document Data injection via request URL.
 Ubuntu utilities security vulnerabilities
document AccountsService and Software Properties privilege escalation.
 usbmuxd buffer overflow
document Buffer overflow on USB device SerialNumber parsing.
 X.Org privilege escalation
document Unprivileged user can start X server.
  


03.02.2012
Detailed
9!Apple OS X multiple security vulnerabilities
document Graphics, Video, Audio and documents parsing vulnerabilities. Information leakage, code execution via DNS resolver. Privilege escalation. Vulnerabilities in 3rd party packages.
8!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Multiple memory corruptions, cross-site access, cross-site scripting, information leakage, weak permissions.
7!Apache multiple security vulnerabilities
document Information leakage, filtering bypass, privilege escalation, DoS.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


